Last active
January 18, 2021 07:55
-
-
Save steve-ng/ed6de1fa702ef70bd6ce to your computer and use it in GitHub Desktop.
Nginx reverse proxy wss with ssl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 443 ssl; | |
| server_name xxx.xx.io | |
| ssl on; | |
| ssl_certificate /etc/asterisk/certs/xxx.io.pem; | |
| ssl_certificate_key /etc/asterisk/certs/xxx.io.key; | |
| ssl_session_timeout 5m; | |
| ssl_protocols SSLv2 SSLv3 TLSv1; | |
| ssl_ciphers HIGH:!aNULL:!MD5; | |
| ssl_prefer_server_ciphers on; | |
| #prevent 502 bad gateway | |
| #large_client_header_buffers 8 32; | |
| location / { | |
| # prevents 502 bad gateway error | |
| proxy_buffers 8 32k; | |
| proxy_buffer_size 64k; | |
| # redirect all HTTP traffic to localhost:8088; | |
| proxy_pass http://0.0.0.0:8088/ws; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header Host $http_host; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| #proxy_set_header X-NginX-Proxy true; | |
| # enables WS support | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "upgrade"; | |
| proxy_read_timeout 999999999; | |
| } | |
| } |
Hi
Please help me with the settings provided by you. All IPs 127.0.0.1 are returned ?
Please help me
Recommended changes for line 12:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Thanks for this. Your config had the missing key for my issue!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
You might want to remove SSLv2 SSLv3 from ssl_protocols :)